Commerce is the most targeted sector with 44% of API attacks
CAMBRIDGE, Mass., March 19,
2024 /PRNewswire/ -- Akamai Technologies,
Inc. (NASDAQ: AKAM), the cloud company that powers and
protects life online, today released a new State of the Internet
(SOTI) report. Lurking in the Shadows: Attack Trends Shine Light on
API Threats highlights the array of attacks that are targeting
APIs and finds that 29% of overall web attacks targeted APIs from
January through December 2023.
Commerce is the most attacked vertical with 44% of API attacks,
followed by business services at nearly 32%.
APIs are vital to most organizations because they improve both
employee and customer experiences. Unfortunately, cybercriminals
have leveraged this digital innovation and the rapid expansion of
the API economy to create new opportunities for exploitation. The
new SOTI notes that these attacks will continue to spike as the
demand for API use increases, and urges organizations to properly
account for and secure their APIs.
This latest research analyzes some of the most common problem
areas with regard to both posture and runtime challenges. It offers
several case studies that underscore the real-world implications of
API security for organizations and features breakout reports with
data for the Europe, Middle East, and Africa (EMEA) region and the Asia-Pacific and Japan (APJ) region.
Other key findings of the report include:
- Business logic abuse is a critical concern because it is
challenging to detect abnormal API activity without establishing a
baseline for API behavior. Organizations without solutions to
monitor anomalies in their API activity are at risk of runtime
attacks like data scraping — a new data breach vector that uses
authenticated APIs to slowly scrape data from within.
- The range of attacks on APIs includes tried-and-true methods
like Local File Inclusion (LFI), Structured Query Language
injection (SQLi), and Cross-Site Scripting (XSS) to infiltrate
their targets.
- APIs are at the heart of most of today's digital
transformations so it is paramount to understand the industry
trends and relevant use cases, such as loyalty fraud,
abuse, authorization, and carding attacks.
- Organizations need to think about compliance requirements and
emerging legislation early in their security strategy process to
avoid the need to re-architect.
"APIs are increasingly critical to organizations but their
security is often not designed into the capability, or the security
team is not able to keep up with the rapid deployment of new
technology," said Steve Winterfeld,
Advisory CISO of Akamai. "Lurking in the Shadows: Attack Trends
Shine Light on API Threats provides insights and visibility to help
organizations leverage the best practices to protect
customers."
This year marks the 10th anniversary of Akamai's State of the
Internet (SOTI) reports. The SOTI series provides expert insights
on the cloud security and web performance landscapes, based on data
gathered from Akamai Connected Cloud.
About Akamai
Akamai powers and protects life online.
Leading companies worldwide choose Akamai to build, deliver, and
secure their digital experiences — helping billions of people live,
work, and play every day. Akamai Connected Cloud, a massively
distributed edge and cloud platform, puts apps and experiences
closer to users and keeps threats farther away. Learn more about
Akamai's cloud computing, security, and content delivery solutions
at akamai.com and akamai.com/blog, or follow Akamai
Technologies on X, formerly known as Twitter, and
LinkedIn.
Contact
Jim
Lubinskas
Akamai Media Relations
703.907.9103
jlubinsk@akamai.com
View original content to download
multimedia:https://www.prnewswire.com/news-releases/akamai-research-finds-29-of-web-attacks-target-apis-302092424.html
SOURCE Akamai Technologies, Inc.